Release Notes #

For the most up-to-date version of the documentation for SUSE Linux Enterprise Micro 5.0, see https://documentation.suse.com/sle-micro/5.0 (https://documentation.suse.com/sle-micro/5.0).

SUSE Linux Enterprise Micro is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services.

SUSE Linux Enterprise Micro 5.0 has a 12-month life cycle. For more information, see https://www.suse.com/lifecycle (https://www.suse.com/lifecycle) and the Support Policy page at https://www.suse.com/support/policy.html (https://www.suse.com/support/policy.html).

There are two types of installation media of SUSE Linux Enterprise Micro. The installer ISO allows to install via YaST or AutoYaST, with the possibility to fully customize the installation. The pre-built images contain a system image already pre-configured.

There are slight differences between these two:

The images have two things in common:

For web-based management of a single node, Cockpit is included.

Cockpit is not enabled by default and its firewall port is not open if the firewall is enabled. For more information, see Section 5.3, “Cockpit service not known to firewalld”.

SUSE Manager can be used to manage SUSE Linux Enterprise Micro hosts. There are certain limitations: * Installing additional software or patching the system does not work with the Web UI because transactional-update needs to be used instead of zypper. As a workaround, you can execute remote commands and call transactional-update tool on the SUSE Linux Enterprise Micro host. * SUSE Linux Enterprise Micro host cannot be monitored with SUSE Manager * SUSE Manager does not provide integrated container management yet. As a workaround, you can use Salt via cmd.run podman. We intend to resolve these issues in the future maintenance updates of SUSE Manager.

SUSE Linux Enterprise Micro includes SELinux with base system policies. Before enabling SELinux, make sure to install the necessary policies for your workload.

If you are running SUSE Linux Enterprise Micro as KVM virtualization host, the use of SELinux is strongly discouraged.

SUSE Linux Enterprise Micro provides the toolbox container. However, it is not part of the media and needs to be downloaded from https://registry.suse.com (https://registry.suse.com). To download from the registry, the system needs network access.

The toolbox container does not include or inherit a software repository setup from the underlying system. If the underlying system is registered properly, zypper will enable a basic set of repositories (Basesystem and Server Applications modules of SUSE Linux Enterprise Server 15 SP2) when you execute it. Then you can install additional software into the container.

SUSE Linux Enterprise Micro does not support init script of system services, which are usually located in /etc/init.d directory. Even if this directory still exists, it is empty on purpose. systemd unit files should be used instead of initscripts. To start system services or to configure their status on boot, use the systemctl command instead.

The installation workflow for manual installation is similar to SUSE Linux Enterprise Server. However, it is stripped down and configuration options are more limited. For more information, see the SUSE Linux Enterprise Server documentation.

Installing SUSE Linux Enterprise Micro with AutoYaST works similarly to installing SLED with AutoYaST. The two main differences are:

For more information, see the SUSE Linux Enterprise Micro and SUSE Linux Enterprise Server documentation.

The following example shows an AutoYaST profile:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE profile>
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
  <suse_register>
    <do_registration config:type="boolean">true</do_registration>
    <reg_code>YOUR_REGISTRATION_CODE</reg_code>
    <install_updates config:type="boolean">true</install_updates>
    <reg_server>http://YOUR_SMT_SERVER</reg_server>
  </suse_register>
  <bootloader>
    <global>
      <timeout config:type="integer">-1</timeout>
      <hiddenmenu>false</hiddenmenu>
    </global>
  </bootloader>
  <general>
    <mode>
      <confirm config:type="boolean">false</confirm>
      <second_stage config:type="boolean">false</second_stage>
    </mode>
  </general>
  <software>
    <products config:type="list">
      <product>SUSE-MicroOS</product>
    </products>
    <install_recommended config:type="boolean">true</install_recommended>
    <packages config:type="list">
      <package>grub2</package>
    </packages>
    <patterns config:type="list">
      <pattern>basesystem</pattern>
      <pattern>microos-container_runtime</pattern>
      <pattern>microos-selinux</pattern>
    </patterns>
  </software>
  <users config:type="list">
    <user>
      <encrypted config:type="boolean">false</encrypted>
      <user_password>ROOT_PASSWORD</user_password>
      <username>root</username>
    </user>
  </users>
</profile>

AutoYaST only supports a limited set of sections compared to SUSE Linux Enterprise Server:

Note: Explicitly disable the second stage

AutoYaST can set some options in either the first or the second stage. SUSE Linux Enterprise Micro does not include a second stage. For some settings (such as networking) to be applied during the first stage, you need to explicitly disable the second stage:

<second_stage config:type="boolean">false</second_stage>

The example profile above already includes this line.

Important: SELinux is necessary

The system will not boot if you do not install the SELinux pattern and keep SELinux enabled.

To learn how to install a system with Yomi, see the SUSE Manager documentation, section Install using Yomi (https://documentation.suse.com/external-tree/en-us/suma/4.1/suse-manager/salt/yomi.html). Installation with Yomi is a technology preview.

SUSE Linux Enterprise Micro is provided as raw images which can be deployed directly to a storage device, for example, a memory card, a USB stick, or a hard drive. SUSE Linux Enterprise Micro is also provided as images for specific hardware device with a customized software selection.

To deploy an image, first identify and download the image you need. Then decompress it and write it to a storage device:

xz -d <downloaded_image.raw.xz>
dd if=<downloaded_image.raw> of=/dev/sdX

When the image is first booted, use Ignition or Combustion for initial configuration. Make sure to set a root password or there will be no way to access the system after deployment.

Ignition or Combustion are invoked only the first time the image boots. To invoke them at a later reboot, append ignition.firstboot to the kernel command line.

Ignition configuration files should be named ignition/config.ign, and can be stored on a USB stick. A minimal Ignition configuration file could look like this:

{
  "ignition":{
    "version":"3.1.0"
  },
  "passwd":{
    "users":[
      {
        "name":"root",
        "passwordHash":"hash, created with, for example, `openssl passwd -6`"
      }
    ]
  }
}

For more information about Ignition and Combustion, including further examples, see:

When booting the system with SELinux enabled, the console reports:

Failed to transition into init label 'system_u:system_r:init_t:s0'

This message is harmless.

When reloading firewalld via firewall-cmd --reload, all Podman-related rules go missing. For this reason, firewalld is not enabled by default during installation. For more information, see https://github.com/containers/podman/issues/5431 (https://github.com/containers/podman/issues/5431).

firewalld does not know the Cockpit service. As a workaround, open the port in firewalld by typing this command:

firewall-cmd --zone=public --permanent --add-port=9090/tcp

The YaST installer offers installation via VNC. The installer also tries to make it possible to use the final system the same way that the system was initially installed. Therefore, the installer will attempt to install appropriate software and open appropriate firewall ports for later access to the system. However, the VNC server package is only available during the installation, but not for the installed system.

As the VNC server package cannot be installed, the installer will issue a warning. You can safely ignore this warning.